The essential toolkit for effective AD management: The Integrations Handbook
The essential toolkit for effective AD management: The Integrations Handbook
Introduction
IT management becomes unwieldy when technicians work with too many
applications, even if they're just executing simple tasks. Instead of deploying
applications that work in silos, ADManager Plus integrates with IT service
management (ITSM) tools such as ServiceDesk Plus and ServiceNow, allowing your
technicians to perform their IT management tasks from a single tool.
While ADManager Plus helps manage all aspects of Active Directory (AD), ITSM tools
provide help desks with greater visibility and centralized control. ADManager Plus
also integrates with HR application databases like Oracle and MS SQL to help
manage employee details in your organization. These integrations help technicians
perform various AD user management tasks, from user onboarding to
deprovisioning. In addition, ADManager Plus also sends logs to a syslog server,
which can be utilized by SIEM applications to audit AD management activities.
Benefits of ADManager Plus' integrations
By implementing ADManager Plus' integrations in your organization, you can:
Make onboarding fast, efficient, user-friendly, and employee-centric.
Ensure demands for employee role changes, transfers, promotions, and
relocations are processed seamlessly.
Drive standardization to improve efficiency, compliance, and productivity.
Reduce onboarding backlogs.
Enable employees to make smarter requests for password resets and instant account unlocks.
Ensure error-free documentation and data entry.
Integrating with help desk applications
Integrating help desk applications like ServiceDesk Plus and ServiceNow with
ADManager Plus makes it easy for you to:
Simultaneously provision user accounts in Microsoft 365, Google Workspace, and Skype for Business.
Save time and effort by performing routine activities from a single console. You'll no longer need to copy data from service requests to the native AD management tool.
Customize user details during onboarding with the help of ADManager Plus' user templates.
Standardize your user naming format and prevent the creation of duplicate user accounts in AD.
Resolve password reset requests quickly, reducing employee idle time and increasing your organization's net productivity.
This integration also enables end users to create requests for any of the available
AD management activities through the Service Catalog.
ManageEngine ServiceDesk Plus
ServiceDesk Plus helps admins manage IT tickets, hardware, and software
efficiently. After integrating ADManager Plus with ServiceDesk Plus, administrators
can create, delete, unlock, and enable or disable users, as well as reset user
passwords from the ServiceDesk Plus console. This helps admins easily perform all
aspects of user provisioning.
Steps to configure ServiceDesk Plus settings in ADManager Plus:
In ADManager Plus, click the Admin tab.
Under System Settings, select Integrations.
Under ITSM/Help Desk Tools, click ServiceDesk Plus.
On the ServiceDesk Plus settings page, configure the following:
Server where ServiceDesk Plus is running: Enter the ServiceDesk Plus server name.
ServiceDesk Plus server port number: Enter the port number.
Protocol Settings: Select the protocol for data transmission.
Click Enable tight integration with ServiceDesk Plus to perform AD- and Exchange-related tasks from the ServiceDesk Plus console.
Click Test Connection and Save to establish a connection and save your settings.
ServiceNow
ServiceNow is an ITSM tool that makes it easy for users to submit and track IT
requests. The ADManager Plus-ServiceNow integration helps you simplify user
onboarding as well as scale onboarding to an enterprise level. It also supports more
ecient identity management, and more accurate oboarding processes. This
integration also helps enable, disable, or unlock user accounts, reset AD users'
passwords, alter group membership details by adding or removing user accounts
from groups, and more.
Redefine employee productivity, lower operating costs, and improve overall
administration through a consistent system of engagement. You can even carry out
AD management activities while handling IT issues. With this integration, end users
create requests for any of the available AD management activities under the Service
Catalog. Technicians can view their requests under the Incidents tab and perform
AD management tasks through the form context menu.
Steps to configure ADManager Plus in ServiceNow:
Download the ADManager Plus app from the ServiceNow store.
From the ServiceNow console, go to Application.
Select the downloaded app and click Install
Type ADManager Plus in the search box on the left-hand side of the page.
You will be able to view ADManager Plus' different modules
Select Setup and go through the wizard to configure it as per your
requirements.
If you've already downloaded ADManager Plus, click Next.
Enter your ADManager Plus server name and port number, as well as your
ServiceNow MID server URL .
Note: The MID Server ensures communication between ServiceNow and
ADManager Plus when ADManager Plus is hosted on a private network. If
your instance of ADManager Plus is accessible via a public IP, you don't
need to specify a MID server URL.
Enter your ADManager Plus administrator's credentials to complete the
integration.
Steps to configure ServiceNow in ADManager Plus:
In ADManager Plus, click the Admin tab.
Under System Settings, click Integrations.
Under ITSM/Help Desk Tools, click Under ITSM/Help Desk Tools, click ServiceNow.
In the ServiceNow URL field, enter the URL where your ServiceNow instance is hosted.
Click Test Connection and Save to establish a connection and save your settings.
Integrating with HR databases
HR databases are the back-end storage that enable HR applications to run
smoothly. Oracle and MS SQL are two of the most widely-used databases across
organizations today. Using ADManager Plus, IT admins can schedule automation
tasks, which can help with identity provisioning. An Oracle or MS SQL database can
be configured as the data source for user information in ADManager Plus, enabling
it to fetch user information from these databases and create user accounts at a
scheduled time.
Using ADManager Plus' user creation templates
Identity provisioning is one of the most important processes for an organization, as
it's often the first impression new employees get while being onboarded . This
integration oers the best platform to welcome an employee into your organization
without experiencing any hiccups, as it doesn't stop simply with user creation. The
user creation templates in ADManager Plus help you:
Create user accounts in Active Directory, Exchange, Microsoft 365, Google Workspace, and
Skype for Business.
Configure Exchange-related properties for new users such as storage limits,
delivery restrictions, and more.
Manage group memberships.
Eliminate duplication of users.
Streamline naming formats.
Customize password formats and allow new users to set random
passwords.
Oracle database integration
Steps to configure Oracle DB settings in ADManager Plus:
In ADManager Plus, click the Automation tab.
On the left pane, select HCM Integrations.
Under Database, click Oracle DB.
On the Oracle Database settings page, configure the following:
Server Name: Enter the server name.
Port Number: Enter the port number to establish the connection.
Database Name: Enter the name of the database in Oracle.
Authentication: Enter the username and password for authentication.
Click Test Connection and Save to establish a connection and save your settings.
Steps to add a new configuration:
Click the Add a new configuration button and enter a suitable name.
Enter the details about the new configuration in the Description field.
Configure the following details:
Select Server: Select the desired server from the drop-down menu.
SID Name: Enter the SID name in Oracle Database.
Table Name: Enter the name of the table in Oracle Database.
Automation Category: Select the automation type from the drop-down menu.
Fetch the input for user creation from the Oracle Database table by mapping the DB Column Name to the LDAP Attribute Name.
Click Save to save the new configuration.
Steps to automate user creation:
Click the Automation tab.
Select Automation from the left pane.
Click + Create New Automation and configure the following:
Automation Name: Enter a name for the automation.
Description: Add a brief note about the automation.
Automation Category: Select User Automation from the menu.
Select Domain: Select the domain/OUs where the automation should run. Child OUs can be eliminated by checking Exclude Child OU(s).
Automation Task/Policy: Select Create Users from the menu.
Select Template: Select the template to be applied for user creation.
Location of CSV: Click the Location of CSV drop-down menu and select Data from oracle. Select a configuration from the menu or click Add New Configuration to add new settings.
Implement Business Workflow: Check Implement Business Workflow if the automation has to be executed through a workflow.
Execution Time: Configure the automation execution time and repeat the execution using the Hourly, Daily, Weekly, Monthly, and Custom options.
Click Save to save your settings or click Save & Run to save the settings and run the automation instantly.
MS SQL Integration
Steps to configure Microsoft SQL Server settings in ADManager Plus:
In ADManager Plus, click the Automation tab.
On the left pane, select HCM Integrations.
Under Database, click MS Sql Server.
On the Microsoft SQL Server settings page, configure the following:
Server Name: Enter the server name.
Instance Name: Enter the instance name and port number.
Authentication: Select either of the following authentication types:
SQL Authentication: Enter the username and password for authentication.
Windows Authentication: Enter the domain name, username, and password for authentication.
Click Test Connection and Save to establish a connection and save the settings.
Steps to add a new configuration:
Click the Add a new configuration button and enter a suitable name.
Enter the details about the new configuration in the Description field.
Configure the following details:
Select Server: Select the server name from the drop-down menu.
Select Database: Enter the database name.
Table Name: Enter the name of the table in the Microsoft SQL Server database.
Automation Category: Select the automation type from the drop-down menu.
Fetch the input for user creation from the Microsoft SQL Server table by mapping the DB Column Name to the LDAP Attribute Name.
Click Save to save the new configuration.
Steps to automate user creation:
Click the Automation tab.
Select Automation from the left pane.
Click + Create New Automation and configure the following:
Automation Name: Enter a name for the automation.
Description: Add a brief note about the automation.
Automation Category: Select User Automation from the drop-down menu.
Select Domain: Select the domain/OUs where the automation should run. Child OUs can be eliminated by checking Exclude Child OU(s).
Automation Task/Policy: Select Create Users from the menu.
Select Template: Select the template to be applied for user creation.
Location of CSV: Click the Location of CSV drop-down menu and select Data from mssql. Select a configuration from the menu or click Add New Configuration to add new settings.
Implement Business Workflow: Check this option if the automation has to be executed through a workflow.
Execution Time: Configure the automation execution time and repeat the execution using the Hourly, Daily, Weekly, Monthly, or Custom options.
Click Save to save the settings or click Save & Run to save the settings and run the automation instantly.
Integrating with SIEM applications
SIEM applications collect data from various sources and monitor this data for
security purposes. Logs are one of the most important sources of data for any SIEM
tool. By analyzing these logs, admins can troubleshoot, ensure compliance with
regulations, investigate security incidents, and more. With this integration, SIEM
applications will receive real-time records of technicians' activity performed using
ADManager Plus.
ManageEngine ADSelfService Plus
ManageEngine ADSelfService Plus is a secure, web-based, end-user password
reset management program. This software helps domain users update account
information on their own in Microsoft Windows Active Directory
Steps to configure syslog settings in ADManager Plus:
In ADManager Plus, click the Admin tab.
Under System Settings, select Integrations.
Under Log Forwarding, click Syslog.
Configure the following details:
Syslog Server: Enter the syslog server name.
Port: Enter the port number.
Protocol: Select the appropriate protocol from the menu: UDP or TCP.
Syslog Standard: Select the appropriate standard from the menu: RFC 3164, RFC 5424, or RawLog.
Data Format: Enter the data format.
Click Save to save the settings.
Self-service prerequisites
Help Desk Assisted Self-Service with ADSelfService Plus mandates the following prerequisites:
Self-service approval workflow
By enabling the self-service approval workflow feature, you can route self-service
requests from end users through your IT help desk for approval. After approval from
the IT help desk, the self-service requests will be updated in Active Directory. This
feature will help you take hold of users' self-service operations and maintain control
over what details get updated in Active Directory. Refer to the image below to see
how this process works.
Steps to integrate ADSelfService Plus with ADManager Plus:
The requests created by users from ADSelfService Plus can be managed and
executed by your IT help desk staff using ADManager Plus.
Log in to the ADSelfService Plus web console with admin credentials.
Navigate to Admin → Product Settings → Integration Settings.
Click the ADManager Plus product tile.
In the Server Name or IP field, enter the name of the server on which ADManager Plus is installed.
Enter the Port Number used by ADManager Plus.
Select the Protocol (HTTP or HTTPS) enabled in ADManager Plus from the drop-down menu.
Click Save.
Once integrated, you can enable the Approval Workflow in ADSelfService Plus
Steps to configure a self-service approval workflow:
Launch ADSelfService Plus and log in as an administrator.
Navigate to Configuration → Administrative Tools → Approval Workflow.
Check Enable Approval Workflow.
Under Available Actions, select which self-service actions should come under the approval workflow.
Select the policies for which you want to enable the approval workflow.
Click Save.
Steps to configure an approval workflow for password resets and account unlocks:
If you have enabled an approval workflow for password resets and account unlocks, then you have to configure security questions. These will be used by the help desk technicians to verify the identities of end users before approving their actions.
In ADSelfService Plus, navigate to Configuration → Administrative Tools → Approval Workflow.
Check Enable Approval Workflow.
Enable the Reset Password/Unlock Account option and click Configure AD Questions.
In the dialog box that opens, you will see a list of security questions already configured by default. You can add, delete, edit, enable, and disable the security questions as you wish.
To add a new security question, click + Add Question at the bottom of the dialog box. Enter the new security question and select the corresponding LDAP attribute. The value of the selected attribute will serve as the answer to the security question.
Once you have configured the security questions, click Save to close the dialog box and click Save again to save the approval workflow.
From the ADManager Plus console, the administrator may set assigning rules and
notification rules as per one's requirement.
Integration with custom HCM/HRMS applications
Most mid-to-large enterprises employ Human Capital Management (HCM) solutions to manage employee lifecycles. ADManager Plus seamlessly integrates with any custom HCM/HRMS products with API support and enables you to automatically manage employee details on the go.
For detailed steps on how to integrate ADManager Plus with a custom HCM/HRMS application, refer to this help document.
Summary
Despite varying IT architectures, every enterprise has a help desk that serves their
employees. The ADManager Plus integrations can redefine employee productivity,
lower operating costs, and improve overall administration through a consistent
system of engagement and decentralized Active Directory management. Some of
the key tasks technicians can perform with this integration include
Provisioning AD, Exchange, Microsoft 365, Google Workspace, and Skype for Business
accounts simultaneously using ADManager Plus' User Creation Templates.
Deprovisioning or deleting AD user accounts.
Enabling, disabling, or unlocking user accounts.
Resetting AD users' passwords.
Empowering end users with self service.
Altering group membership details by adding or removing user accounts
from groups.
Saving time and cutting costs by connecting the applications used by
different departments across your organization
Enhancing security.
Improving user experience and sustaining productivity through quicker
resolution of user issues.